INTERNET-DRAFT                                               H. Lachman
Intended Category: Standards Track         Netscape Communications Corp.
Filename: draft-lachman-laser-ldap-mail-routing-01.txt        G. Shapiro
                                                          Sendmail, Inc.
Expires: April 2000                                         October 1999


                 LDAP Schema for Intranet Mail Routing


Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This draft is being discussed on the Laser mailing list at
<laser@sunroof.eng.sun.com>. Subscription requests can be sent to
<laser-request@sunroof.eng.sun.com> (send an email message with the
word "subscribe" in the body). More information on the mailing list
along with an archive of back messages is available at
<http://playground.sun.com/laser/>.

[[Section X will be removed before the document is submitted to the
IESG.]]

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This document defines an LDAP [1] object class called
'inetLocalMailRecipient' and associated attributes that provide a way
to designate an LDAP entry as one that represents a local (intra-
organizational) email recipient, to specify the recipient's email
address(es), and to provide routing information pertinent to the
recipient. This is intended to support SMTP [2] message transfer
agents in routing RFC 822-based email [3] within a private enterprise
only, and is not to be used in the process of routing email across
the public Internet.


Lachman, et. al.                                               [Page 1]

INTERNET-DRAFT     LDAP Schema for Intranet Mail Routing    October 1999


1. Conventions Used in this Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in [10].

2. Background and Motivation

LDAP-based directory services are currently being used in many
organizations as a repository of information about users and other
network entities (such as groups of users, network resources, etc.).
In cases where LDAP entries are used to represent entities that are
email recipients (e.g., a mail user or a mailing list), the LDAP
entries provide a convenient place to store per-recipient data, such
as a recipient's email address.

In many organizations, an email recipient may have an email address
(e.g., "joe@example.com") that does not specify the host that
receives mail for that recipient (e.g., "host42.example.com"). A
message transfer agent (MTA) responsible for routing mail within the
organization needs some way to determine the appropriate target host
for such a recipient. A common solution is the sendmail "aliases"
database, which may contain a record that provides the necessary per-
recipient routing information (e.g., "joe: joe@host42"). A drawback
of this solution is that it keys on the local part alone: if the
organization hosts more than one DNS domain (e.g., "example.com" and
"example.org", with "joe" in each domain being different recipients),
a more explicit mapping is needed. The schema defined in this
document provides a way to represent such mappings in LDAP and X.500
[4] directory services.

An LDAP entry that represents an email recipient could conceivably
contain a variety of attributes related to email, such as disk quota
and delivery preferences. We consider here only attributes that
specify address information and routing information; these attributes
may be useful to multiple MTAs within the organization since one or
more MTAs may be responsible for intra-organizational routing. The
various MTAs in an organization may have been developed by different
implementors, so a common schema is desirable for such attributes.

3. Overview

The 'inetLocalMailRecipient' object class and associated attributes
identify an LDAP entry as representing an SMTP mail recipient (in the
sense "recipient" is used in [2]). A recipient may be a mail user, a
mailing list, an auto-responder of some kind (e.g., a mailing list
subscription program), a network device such as a printer or fax
machine, or other recipient type. Address attributes and routing
attributes are provided to aid SMTP MTAs in routing mail within an
organization to the appropriate target MTA for each recipient.

Once on the target MTA, a message is handled as per the recipient
type and options (which may be specified using other auxiliary object
classes and is outside the scope of this document). For example, the
message may be delivered to a user mailbox, or to a program or
network device, and/or forwarded to another recipient. Or, the
target MTA may be a gateway to a non-SMTP mail routing and delivery
system including non-SMTP MTAs. Note that, in this discussion,
"target MTA" refers to the final SMTP destination of messages for the
recipient in question, as we are considering routing of mail only
among the SMTP MTAs within an organization.

An MTA doing LDAP-based routing first checks whether the destination
domain of the recipient address is one for which it is responsible.
If so, it looks up the envelope recipient address in LDAP using the
object class described in section 4.1 and the attribute discussed in
section 4.2. If it gets back an unambiguous match, it interprets the
routing attributes as described in section 4.3.

Routing of mail between different organizations across the public
Internet is outside the scope of this document, as the mechanism for
this is already standardized [5,6]. An 'inetLocalMailRecipient'
entry represents a mail recipient that is local to the organization
in question, not recipients in other organizations. This means that
the domain names that appear within the 'mailLocalAddress' and
'mailHost' attribute values in an 'inetLocalMailRecipient' entry must
be DNS domain names that are within the administrative authority of
the organization in question (i.e., the organization within which
MTAs are accessing such entries and using these attributes for mail
routing).

LDAP entries that are not 'inetLocalMailRecipient' entries should be
ignored by MTAs for the purpose of routing. An example is a
conference room whose LDAP entry contains contact information (e.g.,
email address and telephone number) for the person who books
reservations for the room; the conference room is not a mail
recipient, and can safely be ignored by MTAs doing route
determination based on recipient address.

4. Object Class and Attribute Definitions

The 'inetLocalMailRecipient' object class and associated attributes
are defined (using syntaxes given in [7]) as follows.

4.1 The inetLocalMailRecipient Object Class

   ( 2.16.840.1.113730.3.2.[[TBD]]
     NAME 'inetLocalMailRecipient'
     SUP top
     AUXILIARY
     MAY ( mailLocalAddress $
           mailHost $ mailRoutingAddress
         )
   )

The 'inetLocalMailRecipient' object class signifies that the entry
represents an entity within the organization that can receive SMTP
mail, such as a mail user or a mailing list. For any entry containing
the 'inetLocalMailRecipient' object class, the attributes defined in
this document MUST be interpreted as specified in this document.

4.2 Address Attribute

   ( 2.16.840.1.113730.3.1.13
     NAME 'mailLocalAddress'
     DESC 'RFC 822 email address of this recipient'
     EQUALITY caseIgnoreIA5Match
     SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
   )

The 'mailLocalAddress' attribute is used to specify email addresses
for the recipient; for example, "nickname@example.com". The address
conforms to the syntax of an 'addr-spec' as defined in [3].

The 'mailLocalAddress' attribute MUST contain all addresses that
represent the recipient on the target MTA. Commonly, the value of
the 'mail' attribute should also be among the addresses listed in
the 'mailLocalAddress' attribute if it is expected to be used for
LDAP mail routing.

When determining the disposition of a given message, MTAs using LDAP
(directly or indirectly) to route mail MUST search for an entry
with object class 'inetLocalMailRecipient' and a 'mailLocalAddress'
attribute matching the message's recipient address. If exactly one
matching entry is found, MTAs MUST regard the message as being
addressed to the entity that is represented by the directory entry.

If multiple entries are found, but all share an identical match for
both mailRoutingAddress and mailHost (i.e., each attribute is present
or absent in all of the entries alike and, where present, has the
same value in each), the MTA MAY treat this as a single match.
Duplicate entries that return different routing attributes or
contradict each other are errors, however, and should be handled by
the MTA in some locally-appropriate way, such as returning a DSN [11]
to the sender.

If there is no match found by the above, MTAs SHOULD have the
capability of searching for the recipient domain against the
'mailLocalAddress' attribute using the "wildcard domain" address
"@<full-local-domain>", e.g., "@example.org". In other words, if
mail arrives for "someone@example.org", and there is no recipient
with that address specified as 'mailLocalAddress', then the recipient
with the wildcard domain address should receive the mail.

MTAs MAY do other searches but only after the above are done.

In short, the address attribute 'mailLocalAddress' may be used by an
LDAP entry to answer the question "what is/are this account's email
address(es)?"

4.3 Routing Attributes

   ( 2.16.840.1.113730.3.1.18
     NAME 'mailHost'
     DESC 'fully-qualified hostname of the MTA that is the final
           SMTP destination of messages to this recipient'
     EQUALITY caseIgnoreIA5Match
     SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
     SINGLE-VALUE
   )

The 'mailHost' attribute indicates which SMTP MTA considers the
recipient's mail to be locally handleable. This information can be
used for routing, in that an intermediary MTA may take it to be the
destination for messages addressed to this recipient. Normal mail
routing requirements (i.e., use of MX records) apply to the specified
hostname unless overridden by local conventions. The mail is sent to
the specified host without changing the recipient address. The
hostname is specified as a fully-qualified DNS hostname with no
trailing dot (e.g., "host42.example.com").

If the 'inetLocalMailRecipient' object class is present, the
'mailHost' attribute for each entry MAY contain a value. If it does,
that value MUST be the fully qualified name of the host running the
target MTA for this recipient. If 'mailHost' is present then it MUST
be taken as the host for this recipient, and all mail to this
recipient MUST be routed to this machine.

   ( 2.16.840.1.113730.3.1.47
     NAME 'mailRoutingAddress'
     DESC 'RFC 822 address to use when routing messages to
           the SMTP MTA of this recipient'
     EQUALITY caseIgnoreIA5Match
     SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
     SINGLE-VALUE
   )

The 'mailRoutingAddress' attribute indicates a routing address for
the recipient. The address MUST conform to the syntax of an
'addr-spec' in [3]. An intermediary MTA MUST use this information to
route the message to the MTA that handles mail for this recipient,
i.e., the envelope recipient address MUST be rewritten to this value.
This is useful in cases where, for a given recipient, the target MTA
prefers a particular address to appear as the recipient address in
the SMTP envelope. 'mailRoutingAddress' MAY be used as an
alternative to 'mailHost', and is intended to have the same effect as
'mailHost' except that 'mailRoutingAddress' is an address for
rewriting the envelope. With 'mailHost', the envelope address either
is not rewritten, or is rewritten according to
implementation-specific rules and/or configuration.

If both 'mailHost' and 'mailRoutingAddress' are present, MTAs MAY
interpret this to mean that messages are to be routed to the host
indicated by 'mailHost', while rewriting the envelope as per
'mailRoutingAddress'. In theory, there could be peculiar cases where
this is necessary, but this is not normally expected.

Absence of both 'mailHost' and 'mailRoutingAddress' MAY be considered
an error, unless "location-independent" recipient types are supported
by the various MTAs within the organization. This would allow any MTA
in the organization to handle the processing of mail for, say, a
mailing list. This presumes that the various MTAs all recognize the
recipient type in question, suggesting a need to standardize recipient
types that could be "location-independent".

In short, routing attributes may be used by an LDAP entry to answer
the question "how should MTAs route mail to this account?"
(analogous to using the sendmail "aliases" database for per-user
routing within an organization). This is in contrast with
"forwarding"; forwarding and delivery options may be specified in an
LDAP entry to answer the question "what happens to mail once it
arrives at this account?", which may include forwarding to some other
account within or outside the organization (analogous to using the
sendmail ".forward" file). Such options are outside the scope of the
'inetLocalMailRecipient' schema definition.

The following possibilities exist as a result of an LDAP lookup on an
address:

   mailHost is      mailRoutingAddress is    Results in
   -----------      ---------------------    ----------
   set to a         set                      mail routed to
   "local" host                              mailRoutingAddress

   set to a         not set                  delivered to
   "local" host                              original address

   set to a         set                      MAY relay to mailHost
   remote host                               using mailRoutingAddress

   set to a         not set                  original address
   remote host                               relayed to mailHost

   not set          set                      mail routed to
                                             mailRoutingAddress

   not set          not set                  error or
                                             "location-independent"

The term "local" host above means the host specified is one that the
local (target) MTA considers to be a local delivery. The local MTA
MAY rewrite the original address when mailRoutingAddress is not set
if local conventions warrant the change.

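The lookup rules of section 4.2 and the table above are modeled in the
following added example, which is not part of the draft. It keeps a
handful of constructed entries in memory in place of LDAP search
results (the names Entry, Decision, lookup() and route() are the
example's own), applies the exact-match, wildcard-domain and
duplicate-handling rules, and then returns the routing decision from
the table for a given MTA. Which hosts count as "local" is passed in,
since the draft leaves that determination to the MTA.

```python
# Added example, not code from the draft: an in-memory model of the
# section 4.2 lookup (exact match, "@<domain>" wildcard, duplicates) and
# the section 4.3 routing table.  Entry records stand in for LDAP search
# results; Entry, Decision, lookup() and route() are this example's names.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


class RoutingError(Exception):
    """Duplicate matches whose routing attributes disagree (section 4.2);
    the draft leaves handling to the MTA, e.g. returning a DSN."""


@dataclass(frozen=True)
class Entry:
    dn: str
    object_classes: FrozenSet[str]
    mail_local_address: FrozenSet[str]          # multi-valued
    mail_host: Optional[str] = None             # SINGLE-VALUE
    mail_routing_address: Optional[str] = None  # SINGLE-VALUE


@dataclass(frozen=True)
class Decision:
    action: str           # deliver | relay | route | no-routing-info
    host: Optional[str]   # next-hop host; None when only the address is used
    envelope_to: str      # SMTP envelope recipient after any rewriting
    via: str              # exact | wildcard


def _ci(value: Optional[str]) -> Optional[str]:
    """caseIgnoreIA5Match: both attributes compare case-insensitively."""
    return value.lower() if value is not None else None


def lookup(entries: List[Entry], address: str) -> Tuple[List[Entry], str]:
    """Section 4.2: ignore entries without the object class, prefer an
    exact mailLocalAddress match, then fall back to "@<domain>"."""
    def search(key: str) -> List[Entry]:
        return [e for e in entries
                if "inetLocalMailRecipient" in e.object_classes
                and key in {a.lower() for a in e.mail_local_address}]

    addr = address.lower()
    found = search(addr)
    if found:
        return found, "exact"
    if "@" in addr:
        found = search("@" + addr.rsplit("@", 1)[1])
        if found:
            return found, "wildcard"
    return [], "none"


def single_match(found: List[Entry]) -> Entry:
    """Several entries count as one match only if presence/absence and
    value of both routing attributes agree in every entry."""
    keys = {(_ci(e.mail_host), _ci(e.mail_routing_address)) for e in found}
    if len(keys) != 1:
        raise RoutingError("conflicting routing attributes: "
                           + ", ".join(e.dn for e in found))
    return found[0]


def route(entries: List[Entry], address: str,
          local_hosts: FrozenSet[str]) -> Optional[Decision]:
    """Section 4.3 table; local_hosts are the names this MTA treats as
    local delivery.  None: no entry matched (other searches MAY follow)."""
    found, via = lookup(entries, address)
    if not found:
        return None
    e = single_match(found)
    host, rte = e.mail_host, e.mail_routing_address
    if host is None and rte is None:
        return Decision("no-routing-info", None, address, via)  # error or location-independent
    envelope = rte if rte is not None else address
    if host is None or _ci(host) in {h.lower() for h in local_hosts}:
        if rte is not None:
            return Decision("route", None, envelope, via)    # routed to mailRoutingAddress
        return Decision("deliver", host, envelope, via)      # local, original address kept
    return Decision("relay", host, envelope, via)            # remote mailHost


# Constructed directory content modeled on the section 5 examples, plus a
# wildcard entry, two conflicting duplicates and a non-recipient entry.
_ILMR = frozenset({"inetLocalMailRecipient"})
DIRECTORY: List[Entry] = [
    Entry("uid=joe,o=Example Corp,c=US", _ILMR | {"inetOrgPerson"},
          frozenset({"joe@example.com", "joe@another.example.com"}),
          mail_host="nsmail1.example.com"),
    Entry("uid=john,o=Example Corp,c=US", _ILMR | {"inetOrgPerson"},
          frozenset({"john@example.com"}),
          mail_routing_address="John_Doe@xyz-gw.example.com"),
    Entry("cn=catch-all,o=Example Corp,c=US", _ILMR,
          frozenset({"@example.org"}), mail_host="mail.example.org"),
    Entry("cn=dup-a,o=Example Corp,c=US", _ILMR,
          frozenset({"dup@example.com"}), mail_host="h1.example.com"),
    Entry("cn=dup-b,o=Example Corp,c=US", _ILMR,
          frozenset({"dup@example.com"}), mail_host="h2.example.com"),
    Entry("cn=Conference Room 1,o=Example Corp,c=US", frozenset({"top"}),
          frozenset({"room1@example.com"})),
]
```

Calling route(DIRECTORY, "joe@example.com", frozenset({"mx.example.com"}))
from the relay MTA yields a "relay" decision toward nsmail1.example.com
with the envelope unchanged; the same call with "nsmail1.example.com" as
the local host yields "deliver". The conflicting "dup@example.com" pair
raises RoutingError, which is where an MTA would generate the DSN.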
5. Examples

The following examples illustrate possible uses of the
'inetLocalMailRecipient' object class.

Here is an example of an LDAP entry representing a mail user:

   dn: uid=joe,o=Example Corp,c=US
   objectClass: top
   objectClass: person
   objectClass: organizationalPerson
   objectClass: inetOrgPerson
   objectClass: inetLocalMailRecipient
   objectClass: nsMessagingServerUser
   cn: Joe User
   sn: User
   uid: joe
   userPassword: {crypt}y2KxtbzMYnApU
   mail: joe@example.com
   mailLocalAddress: joe@example.com
   mailLocalAddress: joe@another.example.com
   mailHost: nsmail1.example.com
   mailDeliveryOption: mailbox
   mailQuota: 1000000
   mailForwardingAddress: mary@example.com

Joe User is a user of a hypothetical mail system called NS Messaging.
Let's say mail arrives on an MTA called "mx.example.com", addressed
to "joe@example.com". That MTA searches the directory for a mail
recipient with that address, using an LDAP search filter [8] such as:

   (&(objectClass=inetLocalMailRecipient)
     (mailLocalAddress=joe@example.com))

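The filter above is built from the envelope recipient address, which
the sender controls. The following added example (not code from the
draft) shows how to escape that address according to RFC 2254 [8]
before placing it in the filter, and uses a small constructed matcher,
standing in for a directory server, to show what an unescaped "*"
would otherwise match. The function names and the sample address list
are this example's own.

```python
# Added example, not code from the draft: escaping an envelope recipient
# address per RFC 2254 section 4 [8] before it goes into the section 5
# filter, with a constructed matcher standing in for the directory server
# to show what an unescaped "*" would match.
import re
from typing import Iterable, List

# RFC 2254: these characters must be encoded as "\" plus two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Make an assertion value match literally inside a search filter."""
    return "".join(_ESCAPES.get(c, c) for c in value)


def recipient_filter(address: str) -> str:
    """The section 5 filter, with the sender-supplied address escaped."""
    return ("(&(objectClass=inetLocalMailRecipient)"
            "(mailLocalAddress=" + escape_filter_value(address) + "))")


def unsafe_recipient_filter(address: str) -> str:
    """Plain concatenation, kept only to show the difference."""
    return ("(&(objectClass=inetLocalMailRecipient)"
            "(mailLocalAddress=" + address + "))")


def _assertion_to_regex(assertion: str) -> "re.Pattern[str]":
    """Interpret an assertion value as a directory server would: an
    unescaped '*' is a substring wildcard, '\\XX' is one literal byte."""
    out: List[str] = []
    i = 0
    while i < len(assertion):
        c = assertion[i]
        if c == "\\" and i + 2 < len(assertion):
            out.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        elif c == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(c))
            i += 1
    # caseIgnoreIA5Match: mailLocalAddress compares case-insensitively
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)


def matching_addresses(filter_str: str, addresses: Iterable[str]) -> List[str]:
    """Toy evaluator for the single filter shape used in section 5: returns
    the mailLocalAddress values its equality assertion would match."""
    m = re.search(r"\(mailLocalAddress=([^)]*)\)", filter_str)
    if m is None:
        raise ValueError("no mailLocalAddress assertion in filter")
    rx = _assertion_to_regex(m.group(1))
    return sorted(a for a in addresses if rx.match(a))


# Constructed sample of mailLocalAddress values held in the directory.
SAMPLE_ADDRESSES = ["joe@example.com", "joe@another.example.com",
                    "john@example.com", "scuba@example.com", "@example.org"]
```

With escaping, a recipient of "*@example.com" matches nothing, as it
should; with plain concatenation the same envelope address turns the
equality assertion into a substring match that returns every recipient
in the domain, and a bare "*" returns the whole directory.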
It finds Joe's LDAP entry, and routes the message to the target MTA
"nsmail1.example.com", while not rewriting the SMTP envelope
recipient address. Then, "nsmail1.example.com" receives the message,
searches for and finds the recipient in the directory, ascertains
that it is the recipient's target MTA, and handles the message as per
other attributes in the recipient's entry and/or the MTA
configuration (in this case, the message is delivered to a mailbox,
and forwarded to another recipient).

Note that this document does not specify the rules an MTA is to use
to ascertain whether or not it is the target MTA for a given
recipient (it could check the recipient's 'mailHost' value against
its own hostname, or check the recipient's 'mailRoutingAddress', or
check the MTA configuration, or some combination of these).

Here is another example of an LDAP entry representing a mail user:

   dn: uid=john,o=Example Corp,c=US
   objectClass: top
   objectClass: person
   objectClass: organizationalPerson
   objectClass: inetOrgPerson
   objectClass: inetLocalMailRecipient
   objectClass: xyzMailUser
   cn: John Doe
   sn: Doe
   uid: john
   userPassword: {crypt}y2KxtbzMYnApU
   mail: john@example.com
   mailLocalAddress: john@example.com
   mailRoutingAddress: John_Doe@xyz-gw.example.com
   xyzPostOfficeName: PO_1
   xyzClusterNumber: 3
   xyzMessageStoreId: 9

John Doe is a user of a hypothetical mail system called XYZ Mail.
Let's say mail arrives on an MTA called "mx.example.com", addressed
to "john@example.com". That MTA searches the directory for a mail
recipient with that address, and routes the message to "xyz-
gw.example.com", rewriting the SMTP envelope recipient address to
"John_Doe@xyz-gw.example.com", as per the 'mailRoutingAddress'. On
"xyz-gw.example.com", the message is gatewayed into the XYZ Mail
system and then dealt with as per other attributes.

Here is an example of an LDAP entry representing a mailing list:

   dn: cn=Scuba Group,o=Example Corp,c=US
   objectClass: top
   objectClass: groupOfUniqueNames
   objectClass: inetLocalMailRecipient
   objectClass: mailGroup
   cn: Scuba Group
   mail: scuba@example.com
   mailLocalAddress: scuba@example.com
   mailHost: host42.example.com
   mgrpRFC822MailMember: joe@example.com
   mgrpRFC822MailMember: john@example.com

The Scuba Group is a mail group (mailing list) that includes two
members. A message addressed to "scuba@example.com" is routed to
"host42.example.com" where it is then resent to the mailing list
members. The 'mailGroup' object class is specified elsewhere [9].

Here is an example of an LDAP entry representing a forwarding alias:

   dn: cn=Jane Roe Forwarding Alias,o=Example,c=US
   objectClass: top
   objectClass: inetLocalMailRecipient
   objectClass: mailForwardingAlias
   mail: janeroe@example.org
   mailLocalAddress: janeroe@example.org
   mailHost: mail.example.org
   mailForwardingAddress: janeroe@elsewhere.example.com
   cn: Jane Roe Forwarding Alias

This entry uses a hypothetical object class 'mailForwardingAlias'
that is not specified here, but is used as an example of how an LDAP
entry might represent such a recipient type. A message addressed to
"janeroe@example.org" is routed to "mail.example.org" where it is
then forwarded. In this case, Jane Roe may be a former member of the
Example Organization, and they are forwarding her mail to her new
address elsewhere.

6. Security Considerations

As in all cases where account information is stored in an LDAP-based
directory service, network administrators must be careful to ensure
that their directory service controls users' access to the entries
and attributes stored therein, according to site policy. In
particular, mail routing information should not be accessible from
outside the organization, since it is intended for use only by MTAs
within the organization.

The recipient address that an MTA looks up is taken from the SMTP
envelope and is therefore supplied by the sender. An MTA that builds
a search filter from it (as in the example in section 5) should
escape the address as described in [8], so that characters such as
"*", "(" and ")" in the address cannot change the meaning of the
filter.

7. Acknowledgments

The 'inetLocalMailRecipient' object class is based on an earlier
design done by the Netscape Messaging and Directory Server teams,
which was implemented and deployed to customers as part of Netscape
Messaging Server. Various team members contributed to the design,
including Bill Fitler, Bruce Steinback, Prabhat Keni, Mike Macgirvin,
John Myers, John Kristian, Tim Howes, Mark Smith, and Leif Hedstrom.
Thanks also to Jeff Hodges of Stanford for contributing to the early
design discussions, and to the other participants in the IETF LASER
BOF, including, from Sun Microsystems, John Beck, Anil Srivastava,
and Darryl Huff.

8. References

[1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December 1997.

[2] J. Postel, "Simple Mail Transfer Protocol", STD 10, RFC 821,
August 1982.

[3] D. Crocker, "Standard for the Format of ARPA Internet Text
Messages", STD 11, RFC 822, August 1982.

[4] "Information Processing Systems - Open Systems Interconnection -
The Directory: Overview of Concepts, Models and Service", ISO/IEC JTC
1/SC21, International Standard 9594-1, 1988.

[5] C. Partridge, "Mail Routing and the Domain System", STD 14, RFC
974, January 1986.

[6] R. Braden, "Requirements for Internet Hosts - Application and
Support", STD 3, RFC 1123, October 1989.

[7] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory
Access Protocol (v3): Attribute Syntax Definitions", RFC 2252,
December 1997.

[8] T. Howes, "The String Representation of LDAP Search Filters",
RFC 2254, December 1997.

[9] B. Steinback, "Using LDAP for SMTP Mailing Lists and Aliases",
Internet-Draft (work in progress).

[10] S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.

[11] K. Moore, "SMTP Service Extension for Delivery Status
Notifications", RFC 1891, January 1996.

9. Authors' Addresses

Hans Lachman
Netscape Communications Corp.
501 East Middlefield Road
Mountain View, CA 94043
Phone: (650) 254-1900
EMail: lachman@netscape.com

Gregory Neil Shapiro
Sendmail, Inc.
6603 Shellmound Street
Emeryville, CA 94608-1042
Phone: +1 510-594-5522
Fax: +1 510-594-5411
EMail: gshapiro@sendmail.org

X. Change Summary

X.1.1 Substantive changes between
draft-lachman-laser-ldap-mail-routing-00.txt and
draft-lachman-laser-ldap-mail-routing-01.txt

(i) Added Gregory Neil Shapiro as another author.
(ii) Changed Draft header.
(iii) Added "Conventions Used in this Document" section.
(iv) Replaced RFC mentions with reference numbers.
(v) Add new MUST/SHOULD/MAY sections to bring more in line with
RFC documents.
(vi) Clarify job of MTA in Overview by adding third paragraph.
(vii) mailRoutingAddress can be outside of administrative control.
(viii) Eliminated use of 'mail' attribute for mail routing.
(ix) Changed name of 'mailAlternateAddress' to 'mailLocalAddress'.
(x) Remove "routable" from 'mailLocalAddress' description.
(xi) Clarify which addresses MUST be in 'mailLocalAddress'.
(xii) Allow for multiple responses if they all have the same
routing attribute values.
(xiii) Clarify use of MX records on routing attributes.
(xiv) Add a table to clarify use of 'mailHost' and
'mailRoutingAddress'.
(xv) Remove document weakening statements from section 5.
(xvi) Only use reserved domains (example.com, example.org) in
examples.
(xvii) Clean up references.
(xviii) Added section X to list the changes between draft versions.

10. Full Copyright Statement

Copyright (C) The Internet Society (1999). All Rights Reserved.

This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise
explain it or assist in its implementation may be prepared, copied,
published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the
Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
languages other than English.

The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.